Previous: Files updated at startup
Sealing LIDS is an important operation that consist in
blocking a lot of important system calls, ioctls, etc. after
the initialisation of the system.
For exemple, you must forbid module loading/unloading to have
a secured system. But you may want to load some modules you cannot
include in the kernel (kernel too big, or binary-only modules).
You may also prevent anybody from mounting/unmounting devices, but
you must mount some devices at startup.
Prepare the LIDS sealing